VMware Horizon supports a limited set of deployment types and Horizon pool types for Azure Active Directory.

Supported Azure AD deployment types

Only the Hybrid Azure AD deployment, where the on-prem Active Directory is connected to Azure AD, is supported. To connect your on-prem Active Directory to Azure AD, refer to the Microsoft Azure AD documentation.

Supported Horizon pool types

Hybrid Azure Active Directory for SSO is supported on instant clone desktop pools and on manual and automated full clone desktop pools.

Single Sign-On into Azure AD assigned resources will not work until the desktop VM is in a state where it can issue an Azure AD Primary Refresh Token (PRT) at end-user login. See the Microsoft Azure AD documentation to learn more about Azure AD PRT.
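
One way to check this state on a pool desktop, as an added example that is not part of the VMware documentation: parse the output of the Windows `dsregcmd /status` command for the join and PRT fields. The function name `Get-HybridJoinState` and the sample lines are constructed for illustration.

```powershell
# Added example: report whether a desktop is hybrid Azure AD joined and holds a PRT.
# Run it inside the end user's session, because AzureAdPrt reflects the logged-on user.
function Get-HybridJoinState {
    param(
        # Text of `dsregcmd /status`; when omitted, the command is run on this machine.
        [string[]]$StatusText = (& dsregcmd.exe /status)
    )

    # Collect "Name : Value" lines; section banners and blank lines do not match.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aadJoined    = $fields['AzureAdJoined'] -eq 'YES'
    $domainJoined = $fields['DomainJoined']  -eq 'YES'
    $hasPrt       = $fields['AzureAdPrt']    -eq 'YES'

    [pscustomobject]@{
        AzureAdJoined = $aadJoined
        DomainJoined  = $domainJoined
        AzureAdPrt    = $hasPrt
        # Hybrid join means the device is joined to both directories.
        HybridJoined  = $aadJoined -and $domainJoined
        # SSO to Azure AD resources additionally needs a PRT for the user.
        SsoReady      = $aadJoined -and $domainJoined -and $hasPrt
    }
}

# Constructed sample (not captured from a real machine):
# the device is hybrid joined, but no PRT has been issued to the user.
$sample = @(
    '             AzureAdJoined : YES'
    '              DomainJoined : YES'
    '                AzureAdPrt : NO'
)
Get-HybridJoinState -StatusText $sample

# On a pool desktop, call Get-HybridJoinState with no arguments for a live check.
```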

Best Practices

  • If you do not select computer accounts, then when any pool VM is deleted or rebuilt, the newly created VM uses a different VM name and adds a new device account in Active Directory. The old device entry, which is no longer useful, remains in AD. To avoid this situation, select the "Allow Reuse of Existing Computer Accounts" check box when creating a full clone pool.
  • When the desktop pool is deleted from Horizon 8, computer accounts are not removed from AD. The administrator must remove them from Active Directory.

For more information about support for Azure Active Directory, see https://kb.vmware.com/s/article/89127.